All things related to the Modern Workplace, to include original content and shared content from vendors and industry experts.

Wednesday, August 29, 2018

Cybersecurity Policy Framework 3 of 3

Cybersecurity Policy Framework 3 of 3

Introduction

Understanding how the Policy Framework is used is critical
for your Enterprise to implement the Cybersecurity Guidelines and achieve full
compliance.In this last article in this
series we will show how the National and International Cybersecurity Policies,
Laws, and Implementation Guidelines have evolved in the Philippines

National Cybersecurity strategy

This
Cybersecurity Policy Framework focuses on three key regulatory aspects of Cybersecurity policy, framed by a wider national strategy as well as an
international strategy for Cybersecurity.

Philippine National Strategy for Cybersecurity

What is a National Strategy for Cybersecurity?

Task Force for the Security of Critical Infrastructure (TFSCI)
08 August 2004 has published a National Cyber Security Plan that you can read here...

The organization that most closely meets the definition of a Cyber Security Agency is the Commission on Information and Communications Technology which created the above plan and is responsible for ongoing Cyber Security efforts under DICT.

Highlights from that plan are:

Transnational threats from 1) non-state actors, 2) spread of technology for chemical, biological, radiological and nuclear purposes, 3) proliferation of high technology and intelligent communication and weapons systems, and 4) heightened activities leading to the exploitation of cyberspace to attack national strategic infrastructures, are just some of the threats that confront us today.

This National Cyber Security Plan is a guide to protect the nation’s digital infrastructure and the Philippine Cyberspace as a whole. It is a working plan that seeks to generate a coordinated, cooperative and collaborative effort between the public and private sectors to protect our cyber or digital infrastructures.

Protecting the Philippine Cyberspace from being disrupted, exploited and destroyed is the primordial duty of every citizen of this country. To this end, the public sector has to take the lead in terms of defining policy and programs aimed not only to harden these infrastructures but also to develop them further in support of national development goals. On the other hand, the private sector has to be involved in the national cyber infrastructure planning process and programs more decisively.

Rest assured that the Commission on Information and Communications Technology (CICT) shall remain in support of the government’s effort to protect our critical cyber infrastructure.

At present, the term cyberspace is conventionally described as “the nonphysical terrain created by computer systems.”

Cyberspace Components include:

Enterprise Networks/ Intranets

Local Internet Service Providers (ISPs)

Regional Network Providers (RNPs)

Internet Backbone

User Services

Online Content

Source of Online Content

End-Users

Telecommunication Services

Why is a National Strategy Needed?

Over the past years, the threats to the country’s cyberspace have dramatically increased. As our country’s level of dependence upon information technology and information infrastructures increases, we are becoming more exposed to the potential impact these threats could create against our socio-economic well-being, political stability and national security priorities. Truly, if we aspire to emerge as a strong information and knowledge-based economy, we cannot let these threats prevail over our way of life as a nation. It is the policy of this administration to provide the environment wherein our cyberspace is secured and protected, thereby adequately providing information assurance that our critical cyber infrastructures would be free from any disruption and interference. -- GLORIA MACAPAGAL-ARROYO, President

What Makes a successful national strategy for Cybersecurity?

Advancements in the field of information and communication technology may beconsidered as one of the forces that have drastically changed the landscape ofinternational and national security. Such technological innovations have made theexisting world order more complicated -- no longer is the nature of threats definitiveunder conventional military and police parlance as it was before. -- USEC ABRAHAM A PURUGGANAN, HEAD Task Force for the Security of Critical Infrastructures (TFSCI)

Key policy principles

Risk-based
and proportionate –

Outcome-focused
–

Prioritized
–

Practical
and realistic –

Respects
;privacy, civil liberties and rule of law

Globally
Relevant –

To
assist policy-makers in the development of a national cybersecurity strategy,
Microsoft has published a guide, based on its experience of emerging best
practices around the world. The guide, “Developing a National Cybersecurity
Strategy”, is available at microsoft.com/en-us/cybersecurity/.

Internationally
Cybersecurity Agencies

The following graphic shows the state of National
Cybersecurity Agencies.

Many possible types of agency but all with one essential purpose

A national Cybersecurity
agency, if appropriately structured, can substantially increase the readiness
of a country’s Cybersecurity ecosystem, with many of the economic and
developmental benefits already outlined.

The creation of such an
agency can follow many paths, e.g. by delegation of existing powers from other
parts of government to a standalone body or by creation of multiple agencies
with clear briefs focused on distinct aspects of Cybersecurity .

In all cases, however,
public-private partnership and cooperation will be key because much of
“cyberspace” is built, owned and operated by the private sector. Obstructive
dynamics between a national Cybersecurity agency and businesses, not to mention
with peer agencies in other states, will be counterproductive.

Conclusion

Ion Management and our Modern Workplace have been designing
and implementing the Philippine Cybersecurity laws, policies and implementation
guidelines since the beginning and works hand in hand with Security Product
Vendors and Philippine Cybersecurity Agency.

M.O. 37, s2001 (Providing for the Fourteen Pillars of Policy and Action of the Government Against Terrorism – critical infrastructure is defined in this document and requires the preparation of a comprehensive security plan [1][a] above)